Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities (cisco-sa-20100324-sip)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Multiple vulnerabilities exist in the Session Initiation Protocol
(SIP) implementation in Cisco IOS Software that could allow an
unauthenticated, remote attacker to cause a reload of an affected
device when SIP operation is enabled. Remote code execution may also
be possible. Cisco has released free software updates that address
these vulnerabilities. For devices that must run SIP there are no
workarounds; however, mitigations are available to limit exposure of
the vulnerabilities.

See also :

http://www.nessus.org/u?7378b50c

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20100324-sip.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: CISCO

Nessus Plugin ID: 49054 (cisco-sa-20100324-siphttp.nasl)

Bugtraq ID:

CVE ID: CVE-2010-0579
CVE-2010-0580
CVE-2010-0581